CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...
XWiki allows unregistered users to access private pages information through REST endpoint
Impact Protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the...
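The gap described in this entry is an enumeration endpoint that skips the per-page view check the rest of the wiki applies. The following is an added illustrative model, not XWiki's own code: a tiny in-memory wiki with a "guests may view" preference and per-page viewer lists, a listing function that returns everything it finds, and a corrected one that filters by the same view check a single-page request would use. The guest identity name, the pages, users and rights are all constructed for the example.

```python
"""Added example (not XWiki code): a page-listing endpoint that ignores view
rights, beside one that applies the per-page check before returning names.
All wiki data below is constructed for the demonstration."""

from dataclasses import dataclass, field

# Assumed name for the unregistered/unauthenticated caller in this model.
ANONYMOUS = "XWikiGuest"


@dataclass
class Page:
    name: str
    # Users explicitly allowed to view; an empty set means "inherit from wiki".
    viewers: set[str] = field(default_factory=set)


@dataclass
class Wiki:
    name: str
    pages: dict[str, Page]
    # Models the "Prevent unregistered users from viewing pages" preference
    # (True = guests may view pages that have no explicit viewer list).
    guests_may_view: bool = True


def has_view_right(wiki: Wiki, page: Page, user: str) -> bool:
    """The view check that every page-returning endpoint must apply per item."""
    if page.viewers:                 # explicit ACL wins
        return user in page.viewers
    if user == ANONYMOUS:            # no ACL: fall back to the wiki preference
        return wiki.guests_may_view
    return True                      # registered users see un-ACL'd pages


def list_pages_unfiltered(wiki: Wiki, user: str) -> list[str]:
    """Vulnerable pattern: enumeration never consults the rights at all,
    so a guest learns the names of pages it could not open."""
    return sorted(wiki.pages)


def list_pages(wiki: Wiki, user: str) -> list[str]:
    """Fixed pattern: filter the listing with the same check as a single
    GET on the page, so the list reveals nothing the caller cannot view."""
    return sorted(
        p.name for p in wiki.pages.values() if has_view_right(wiki, p, user)
    )


def demo_wiki() -> Wiki:
    """Constructed sample wiki: two ordinary pages and one restricted page."""
    pages = {
        "Main.WebHome": Page("Main.WebHome"),
        "Sandbox.WebHome": Page("Sandbox.WebHome"),
        "HR.Salaries": Page("HR.Salaries", viewers={"alice"}),
    }
    # Whole wiki configured to block unregistered viewers.
    return Wiki("xwiki", pages, guests_may_view=False)


if __name__ == "__main__":
    w = demo_wiki()
    print("leaky  :", list_pages_unfiltered(w, ANONYMOUS))
    print("fixed  :", list_pages(w, ANONYMOUS))
    print("alice  :", list_pages(w, "alice"))
```

The point of the model is that the filter reuses `has_view_right` rather than re-implementing a rights rule inside the listing code; an enumeration endpoint that carries its own copy of the rule is how the two paths drift apart in the first place.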
Dell EMC Unisphere for PowerMax Security Vulnerability
Dell EMC Unisphere for PowerMax is a graphical management tool for PowerMax storage arrays from Dell (U.S.A.). A security vulnerability exists in Dell EMC Unisphere for PowerMax, which stems from the software's lack of effective restriction and filtering of user privileges. An attack...
Drupalgeddon Two.
New Drupal Vulnerability in Detail By @aLLy The second Drupalgeddon has arrived! It is a new variant of a critical vulnerability in one of the most popular CMSs, and it has caused a big stir. This newly discovered flaw allows any unregistered user to execute commands on the target system by means of a...
A vulnerability in the Cacti network monitoring software allows an attacker to circumvent existing access restrictions.
The vulnerability in the Cacti network monitoring software stems from deficiencies in access control. Exploiting it could allow a malicious actor to bypass existing access restrictions by logging in as a user who is not registered in the database...
CVE-2007-2849
KnowledgeTree Document Management aka KnowledgeTree Open Source before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check...
MyBB 1.10 'newthread.php' < CrossSiteScripting >
MyBB 1.10 'newthread.php' CrossSiteScripting Devil-00 | D3vil-0x1
Conditions:
1- you are an unregistered user
2- you have permission to use newthread
---------------
Do newthread with this username: <script>alert(document.cookie);</script>D3vil-0x1
Then preview it;
---------------...
[Full-disclosure] PHPMyChat Authentication Bypass
PHPMyChat Authentication Bypass ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I wouldn't have bothered to post this silly flaw, but after seeing the Google search results for inurl:phpMyChat.php3, I thought it would be a good idea to keep people informed. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use...